Employee working on a computer
  • The Health Informatics Service
  • paul glover
  • National Cyber Security Centre
  • Cyber Security
  • Calderdale and Huddersfield NHS Foundation Trust
  • NHS Digital
  • NHS England
Picture of author, The Health Informatics Service (THIS)

Author: The Health Informatics Service (THIS)

Published: November 1st 2022

Cyber-security: How safe is your organisation?

Cyber security was thrust into the spotlight when a ransomware attack on an NHS IT provider threatened to disrupt digital services such as patient check-ins and NHS 111.

A ransomware attack is where hackers take control of IT systems to steal data and demand payment from their victims to recover it.

The firm at the centre of the attack refused to confirm whether it had negotiated with the hackers or paid a ransom. However, it did indicate it would take up to four weeks to recover.

The incident is a clear example of the potential damage and chaos that a cyber-attack can inflict and highlights the magnitude of cyber security.

THIS – at the vanguard of cyber security

The Health Informatics Service (THIS) is at the vanguard of cyber security for its host trust, the Calderdale and Huddersfield NHS Foundation Trust (CHFT) and 59 clients across the healthcare sector.

Its Cyber Security Team helps to protect approximately 15,000 devices used by 19,000 people working within CHFT and a spectrum of clients ranging from prison healthcare service providers to GPs’ surgeries.

THIS is the only NHS informatics service to hold three ISO standards relating to cyber security and data protection: ISO 27001 Information Security Management, 9001 Cyber Management and 20000-1 Information Technology Service Management. It is compliant with the NHS Digital/NHS England Data Security and Protection Toolkit (DSPT) and its cyber security training is NHS Digital/NHS England mandated.

In one two-month period, CHFT was the target of 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the thwarting of 1,432 malware attacks.

Building up a security posture

How much protection a healthcare organisation requires depends on the amount and type of data it handles, particularly if it includes patient data. 

Paul Glover, of THIS’ Cyber Security Team, recommends the National Cyber Security Centre (NCSC) 10 steps to cyber security as a good starting point. It includes advice on the management of risks, assets, vulnerability, identity and systems access, training and data security.

He says: “Acquiring a good security posture doesn't mean your organisation is completely impenetrable from a cyber-attack. It means the impact is likely to be less than if you'd done nothing.

“The other part of the equation is understanding that if, or when, you are attacked what is your response will be? How are you going to keep running your organisation while it’s suffering from a cyber-attack?”

Back-up plan and incident response

Malware is evolving constantly. Paul Glover likens it to different variants of a virus and how symptoms can change with different mutations.

He says: “What the virus creators do now is create it so that it changes every time it infects a PC. We use next generation antivirus software that looks at the behaviours of the malware instead of looking at the signature.

“Modern antivirus firewalls, intrusion prevention systems, antivirus web security and email security help us to stay ahead of the game.”

Backing up data is an important step to keep it safe, as is having an incident response strategy to be as well prepared as possible.

Recognising the threat and where it comes from…

A common perception of a cyber security attack is one of the hackers breaking through firewalls. But sometimes the threat can come from close to home.

Paul Glover: “There is a threat that comes from inside an organisation. NHS staff have access to some critical information. Someone could sell data or leak it to the internet. But it can happen unwittingly. Social engineering (the term used for a range of malicious activities that trick system users into making security mistakes or giving away sensitive information) is another big risk.”

Providing protection against cyber sabotage

THIS provide services to support the protection against cyber attacks such as healthcare & NHS information governance and other cyber security support services.

You can read our in-depth white paper on Cyber-security: How safe is your organisation or if you’d like to discuss your requirements, contact us.

Issue 103

NHE Issue 103

Join the conversation shaping the future of healthcare.

Click below to read more!

Read Now

More articles...

View all
Online conferences

Presenting

2025 Online Conferences

In partnership with our community of health sector leaders responsible for delivering the UK's health strategy across the NHS and the wider health sector, we’ve devised a collaborative calendar of conferences and events for industry leaders to listen, learn and collaborate through engaging and immersive conversation. 

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

Register Here

National Health Executive Podcast

Listen to industry leaders on everything within healthcare

Whether it's the latest advancements in medical technology, healthcare policies, patient care innovations, or the challenges facing healthcare providers, we cover it all.

 

Join us as we engage with top healthcare professionals, industry leaders, and policy experts to bring you insightful conversations that matter.

Listen Now
News

News

 Partner Content

Partner Content

 Podcast

Podcast

 Events

Events